Windows Event Log Persistence Techniques - Bypassing Protections and Maintaining Access

Explore advanced Windows persistence techniques and bypass methods in this conference talk from Ekoparty 2023. Delve into red team operations and penetration testing strategies for Windows environments, focusing on leveraging the operating system itself as an ally. Learn about bypassing Constrained Language Mode, elevating privileges using WIX files, and achieving persistence through Windows Event Log manipulation. Discover how to remain undetectable by Windows Defender while executing these techniques in a controlled lab environment with protection mechanisms like AppLocker in place. Gain insights into creating custom scripts, exploiting Windows Installer packages, and abusing event logs for payload execution. Understand the phases of a red team operation, from initial reconnaissance to maintaining long-term access, all while using Windows components to your advantage.